Adding upstream version 0.28.1.
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
parent
88f1d47ab6
commit
e28c88ef14
GPG key ID:
FBB4F0E80A80222F
933 changed files with 194711 additions and 0 deletions
157
core/mfa_model.go
Normal file
157
core/mfa_model.go
Normal file
|
|
@ -0,0 +1,157 @@
|
|||
package core
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"time"
|
||||
|
||||
"github.com/pocketbase/pocketbase/tools/hook"
|
||||
"github.com/pocketbase/pocketbase/tools/types"
|
||||
)
|
||||
|
||||
const (
|
||||
MFAMethodPassword = "password"
|
||||
MFAMethodOAuth2 = "oauth2"
|
||||
MFAMethodOTP = "otp"
|
||||
)
|
||||
|
||||
const CollectionNameMFAs = "_mfas"
|
||||
|
||||
var (
|
||||
_ Model = (*MFA)(nil)
|
||||
_ PreValidator = (*MFA)(nil)
|
||||
_ RecordProxy = (*MFA)(nil)
|
||||
)
|
||||
|
||||
// MFA defines a Record proxy for working with the mfas collection.
|
||||
type MFA struct {
|
||||
*Record
|
||||
}
|
||||
|
||||
// NewMFA instantiates and returns a new blank *MFA model.
|
||||
//
|
||||
// Example usage:
|
||||
//
|
||||
// mfa := core.NewMFA(app)
|
||||
// mfa.SetRecordRef(user.Id)
|
||||
// mfa.SetCollectionRef(user.Collection().Id)
|
||||
// mfa.SetMethod(core.MFAMethodPassword)
|
||||
// app.Save(mfa)
|
||||
func NewMFA(app App) *MFA {
|
||||
m := &MFA{}
|
||||
|
||||
c, err := app.FindCachedCollectionByNameOrId(CollectionNameMFAs)
|
||||
if err != nil {
|
||||
// this is just to make tests easier since mfa is a system collection and it is expected to be always accessible
|
||||
// (note: the loaded record is further checked on MFA.PreValidate())
|
||||
c = NewBaseCollection("@__invalid__")
|
||||
}
|
||||
|
||||
m.Record = NewRecord(c)
|
||||
|
||||
return m
|
||||
}
|
||||
|
||||
// PreValidate implements the [PreValidator] interface and checks
|
||||
// whether the proxy is properly loaded.
|
||||
func (m *MFA) PreValidate(ctx context.Context, app App) error {
|
||||
if m.Record == nil || m.Record.Collection().Name != CollectionNameMFAs {
|
||||
return errors.New("missing or invalid mfa ProxyRecord")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ProxyRecord returns the proxied Record model.
|
||||
func (m *MFA) ProxyRecord() *Record {
|
||||
return m.Record
|
||||
}
|
||||
|
||||
// SetProxyRecord loads the specified record model into the current proxy.
|
||||
func (m *MFA) SetProxyRecord(record *Record) {
|
||||
m.Record = record
|
||||
}
|
||||
|
||||
// CollectionRef returns the "collectionRef" field value.
|
||||
func (m *MFA) CollectionRef() string {
|
||||
return m.GetString("collectionRef")
|
||||
}
|
||||
|
||||
// SetCollectionRef updates the "collectionRef" record field value.
|
||||
func (m *MFA) SetCollectionRef(collectionId string) {
|
||||
m.Set("collectionRef", collectionId)
|
||||
}
|
||||
|
||||
// RecordRef returns the "recordRef" record field value.
|
||||
func (m *MFA) RecordRef() string {
|
||||
return m.GetString("recordRef")
|
||||
}
|
||||
|
||||
// SetRecordRef updates the "recordRef" record field value.
|
||||
func (m *MFA) SetRecordRef(recordId string) {
|
||||
m.Set("recordRef", recordId)
|
||||
}
|
||||
|
||||
// Method returns the "method" record field value.
|
||||
func (m *MFA) Method() string {
|
||||
return m.GetString("method")
|
||||
}
|
||||
|
||||
// SetMethod updates the "method" record field value.
|
||||
func (m *MFA) SetMethod(method string) {
|
||||
m.Set("method", method)
|
||||
}
|
||||
|
||||
// Created returns the "created" record field value.
|
||||
func (m *MFA) Created() types.DateTime {
|
||||
return m.GetDateTime("created")
|
||||
}
|
||||
|
||||
// Updated returns the "updated" record field value.
|
||||
func (m *MFA) Updated() types.DateTime {
|
||||
return m.GetDateTime("updated")
|
||||
}
|
||||
|
||||
// HasExpired checks if the mfa is expired, aka. whether it has been
|
||||
// more than maxElapsed time since its creation.
|
||||
func (m *MFA) HasExpired(maxElapsed time.Duration) bool {
|
||||
return time.Since(m.Created().Time()) > maxElapsed
|
||||
}
|
||||
|
||||
func (app *BaseApp) registerMFAHooks() {
|
||||
recordRefHooks[*MFA](app, CollectionNameMFAs, CollectionTypeAuth)
|
||||
|
||||
// run on every hour to cleanup expired mfa sessions
|
||||
app.Cron().Add("__pbMFACleanup__", "0 * * * *", func() {
|
||||
if err := app.DeleteExpiredMFAs(); err != nil {
|
||||
app.Logger().Warn("Failed to delete expired MFA sessions", "error", err)
|
||||
}
|
||||
})
|
||||
|
||||
// delete existing mfas on password change
|
||||
app.OnRecordUpdate().Bind(&hook.Handler[*RecordEvent]{
|
||||
Func: func(e *RecordEvent) error {
|
||||
err := e.Next()
|
||||
if err != nil || !e.Record.Collection().IsAuth() {
|
||||
return err
|
||||
}
|
||||
|
||||
old := e.Record.Original().GetString(FieldNamePassword + ":hash")
|
||||
new := e.Record.GetString(FieldNamePassword + ":hash")
|
||||
if old != new {
|
||||
err = e.App.DeleteAllMFAsByRecord(e.Record)
|
||||
if err != nil {
|
||||
e.App.Logger().Warn(
|
||||
"Failed to delete all previous mfas",
|
||||
"error", err,
|
||||
"recordId", e.Record.Id,
|
||||
"collectionId", e.Record.Collection().Id,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
},
|
||||
Priority: 99,
|
||||
})
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue